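<?php
// Admin AJAX endpoint. Each handler below fires on one $_POST trigger key and
// answers with a single JSON line: {"status":1} on success, {"status":0} otherwise.
if (!isset($_SESSION)) {
	session_start();
}
require('main.php');

// Every handler except doLogin changes admin-owned rows or deletes files, and
// doLogin (below in this file) is what sets $_SESSION['doLogin']['user'] on a
// successful login — so refuse unauthenticated calls before any handler runs.
// NOTE(review): main.php may already enforce this; confirm, but a second gate
// here is harmless.
if (empty($_POST['doLogin']) && empty($_SESSION['doLogin']['user'])) {
	echo '{"status":0}';
	exit;
}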

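if (!empty($_POST['doLogin'])) {
	// Admin login: looks the credentials up in TB_ADMIN and, on a hit, marks
	// the session as logged in and records the admin's level (the `alias` column).
	$username = isset($_POST['uname']) ? $_POST['uname'] : '';
	$password = isset($_POST['pwd']) ? $_POST['pwd'] : '';

	// The username is attacker-controlled and lands inside a quoted SQL literal,
	// so it is escaped before interpolation. NOTE(review): this assumes $db wraps
	// the legacy mysql extension (the old mysql_query() call that used to sit
	// here suggests so) — confirm, or use the wrapper's own escape method.
	$username_sql = mysql_real_escape_string($username);
	// The password column stores an unsalted md5 hex digest (32 chars of [0-9a-f],
	// so nothing to escape). That is not an adequate password hash; migrate to
	// password_hash()/password_verify() when the schema can change.
	$password_sql = md5($password);

	$sql = "SELECT * FROM ".TB_ADMIN." WHERE username = '".$username_sql."' AND password = '".$password_sql."'";
	$user_query = $db->select_query($sql);
	if ($db->rows($user_query)) {
		$user_rs = $db->fetch($user_query);
		// Issue a fresh session id when privileges change, so a session id an
		// attacker planted before login (session fixation) is not upgraded.
		session_regenerate_id(true);
		$_SESSION['username'] = $user_rs['username'];
		$_SESSION['doLogin']['user'] = true;
		$_SESSION['level'] = $user_rs['alias'];
		echo '{"status":1}';
	} else {
		echo '{"status":0}';
	}
}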
//=========================== show_'.TB_MEMBERS.'.php =============================================
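if (!empty($_POST['change_level'])) {
	// Sets a member's userlevel. Both inputs are untrusted: the level is
	// interpolated unquoted, so it is forced to an integer; the username is a
	// quoted string literal, so it is escaped.
	if (!isset($_POST['l'], $_POST['user'])) {
		echo '{"status":0}';
	} else {
		$level = (int) $_POST['l'];
		$user = mysql_real_escape_string($_POST['user']);
		$sql = 'UPDATE '.TB_MEMBERS.' SET userlevel ='.$level.' WHERE username ="'.$user.'"';
		echo mysql_query($sql) ? '{"status":1}' : '{"status":0}';
	}
}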

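if (!empty($_POST['change_status'])) {
	// Sets a member's status flag. Same input handling as change_level:
	// integer cast for the unquoted status, escaping for the quoted username.
	if (!isset($_POST['l'], $_POST['user'])) {
		echo '{"status":0}';
	} else {
		$status = (int) $_POST['l'];
		$user = mysql_real_escape_string($_POST['user']);
		$sql = 'UPDATE '.TB_MEMBERS.' SET status ='.$status.' WHERE username ="'.$user.'"';
		echo mysql_query($sql) ? '{"status":1}' : '{"status":0}';
	}
}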

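if (!empty($_POST['deleteuser'])) {
	// Deletes a member row by username. The username is user input inside a
	// quoted literal and is escaped; a missing username is a failed request.
	if (!isset($_POST['user'])) {
		echo '{"status":0}';
	} else {
		$user = mysql_real_escape_string($_POST['user']);
		$sql = 'DELETE FROM '.TB_MEMBERS.' WHERE username ="'.$user.'"';
		echo mysql_query($sql) ? '{"status":1}' : '{"status":0}';
	}
}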

//========================  '.TB_BANNERS.'.php ==========================================
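if (!empty($_POST['change_banner_status'])) {
	// Sets a banner's `active` flag and mirrors it onto the banner's order row.
	// `active` is interpolated unquoted (integer cast); banner_id / ads_id are
	// quoted literals (escaped).
	if (!isset($_POST['l'], $_POST['id'])) {
		echo '{"status":0}';
	} else {
		$active = (int) $_POST['l'];
		$id = mysql_real_escape_string($_POST['id']);
		if (mysql_query('UPDATE '.TB_BANNERS.' SET active ='.$active.' WHERE banner_id ="'.$id.'"')) {
			// Order status follows the banner flag: active 1 -> 2, active 2 -> 3,
			// anything else -> 0. The order update's result is not checked, as before.
			$order_status_for_active = array(1 => 2, 2 => 3);
			$order_status = isset($order_status_for_active[$active]) ? $order_status_for_active[$active] : 0;
			mysql_query('UPDATE '.TB_ORDER_ADS.' SET status='.$order_status.' WHERE ads_id="'.$id.'"');
			echo '{"status":1}';
		} else {
			echo '{"status":0}';
		}
	}
}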

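if (!empty($_POST['change_banner_period'])) {
	// Sets a banner's `period`. The period is interpolated unquoted (integer
	// cast); banner_id is a quoted literal (escaped).
	if (!isset($_POST['l'], $_POST['id'])) {
		echo '{"status":0}';
	} else {
		$period = (int) $_POST['l'];
		$id = mysql_real_escape_string($_POST['id']);
		$sql = 'UPDATE '.TB_BANNERS.' SET period ='.$period.' WHERE banner_id ="'.$id.'"';
		echo mysql_query($sql) ? '{"status":1}' : '{"status":0}';
	}
}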

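if (!empty($_POST['delete_banner'])) {
	// Deletes a banner: its image file, its TB_BANNERS row, its TB_ORDER_ADS row
	// and the matching order_confirm row. Every id/invoice value is escaped
	// before being interpolated into a quoted literal.
	$id = isset($_POST['id']) ? mysql_real_escape_string($_POST['id']) : '';
	$q = $id !== '' ? mysql_query('SELECT image FROM '.TB_BANNERS.' WHERE banner_id ="'.$id.'"') : false;
	// A failed query or an unknown banner now answers status 0 instead of
	// die(mysql_error()), which echoed the database error text to the client.
	$rs = $q ? mysql_fetch_assoc($q) : false;
	if (!$rs) {
		echo '{"status":0}';
	} else {
		// Bug fix: this lookup used the bare constant `id` instead of $id, so it
		// matched nothing and the order_confirm row was never removed.
		$get_order = mysql_query('SELECT invoice FROM '.TB_ORDER_ADS.' WHERE ads_id="'.$id.'"');
		$get_order_rs = $get_order ? mysql_fetch_assoc($get_order) : false;
		$invoice_id = $get_order_rs ? mysql_real_escape_string($get_order_rs['invoice']) : '';

		// basename() keeps the unlink inside ../uploads/ even if the stored image
		// name ever contains a path separator.
		$image_path = '../uploads/'.basename($rs['image']);
		// As before, the row is only deleted once the file is gone: a failed
		// unlink (e.g. file already missing) leaves the row in place.
		if (unlink($image_path) && mysql_query('DELETE FROM '.TB_BANNERS.' WHERE banner_id ="'.$id.'"')) {
			mysql_query('DELETE FROM '.TB_ORDER_ADS.' WHERE ads_id="'.$id.'"');
			if ($invoice_id !== '') {
				mysql_query('DELETE FROM order_confirm WHERE invoice="'.$invoice_id.'"');
			}
			echo '{"status":1}';
		} else {
			echo '{"status":0}';
		}
	}
}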

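if (!empty($_POST['ppc_manage'])) {
	// Updates one of two columns of adsense_bumq, chosen by an exact match on
	// $_POST['field'] (the field name itself is never interpolated). `id` is
	// compared unquoted (integer cast); the value is cast or escaped per column.
	if (!isset($_POST['l'], $_POST['id'])) {
		echo '{"status":0}';
	} else {
		$field = isset($_POST['field']) ? $_POST['field'] : '';
		$id = (int) $_POST['id'];
		$ok = false;
		if ($field === 'status') {
			$ok = mysql_query('UPDATE adsense_bumq SET active='.(int) $_POST['l'].' WHERE id ='.$id);
		} elseif ($field === 'ads_from') {
			$code_from = mysql_real_escape_string($_POST['l']);
			$ok = mysql_query('UPDATE adsense_bumq SET code_from="'.$code_from.'" WHERE id ='.$id);
		}
		// Unknown field: nothing is run and the request fails, as before.
		echo $ok ? '{"status":1}' : '{"status":0}';
	}
}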

//========================  bank/add_bank.php ==========================================
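if (!empty($_POST['upload_bank_img'])) {
	// Inserts a bank record. The logo file name was parked in the session by
	// the upload step ($_SESSION['bank_img']) and is cleared once stored.
	// All five values land in quoted SQL literals, so each is escaped; a
	// missing field becomes "" exactly as the original concatenation did.
	$name         = mysql_real_escape_string(isset($_POST['name']) ? $_POST['name'] : '');
	$branch       = mysql_real_escape_string(isset($_POST['branch']) ? $_POST['branch'] : '');
	$account_name = mysql_real_escape_string(isset($_POST['account_name']) ? $_POST['account_name'] : '');
	$account_id   = mysql_real_escape_string(isset($_POST['account_id']) ? $_POST['account_id'] : '');
	$logo         = mysql_real_escape_string(isset($_SESSION['bank_img']) ? $_SESSION['bank_img'] : '');

	$sql = 'INSERT INTO '.TB_BANKS.'(name,account_id,account_name,branch,logo) VALUES("'.$name.'","'.$account_id.'","'.$account_name.'","'.$branch.'","'.$logo.'")';
	if (mysql_query($sql)) {
		unset($_SESSION['bank_img']);
		echo '{"status":1}';
	} else {
		echo '{"status":0}';
	}
}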
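if (!empty($_POST['update_bank_img'])) {
	// Updates an existing bank record. `id` is compared unquoted (integer cast);
	// the text columns are quoted literals and are escaped. The logo name comes
	// from the session, parked there by the upload step, and is cleared after.
	if (!isset($_POST['bid'])) {
		echo '{"status":0}';
	} else {
		$id           = (int) $_POST['bid'];
		$name         = mysql_real_escape_string(isset($_POST['name']) ? $_POST['name'] : '');
		$branch       = mysql_real_escape_string(isset($_POST['branch']) ? $_POST['branch'] : '');
		$account_name = mysql_real_escape_string(isset($_POST['account_name']) ? $_POST['account_name'] : '');
		$account_id   = mysql_real_escape_string(isset($_POST['account_id']) ? $_POST['account_id'] : '');
		$logo         = mysql_real_escape_string(isset($_SESSION['bank_img']) ? $_SESSION['bank_img'] : '');
		$sql = 'UPDATE '.TB_BANKS.' SET name="'.$name.'",account_id="'.$account_id.'",account_name="'.$account_name.'",branch="'.$branch.'",logo="'.$logo.'" WHERE id='.$id;

		if (mysql_query($sql)) {
			unset($_SESSION['bank_img']);
			echo '{"status":1}';
		} else {
			echo '{"status":0}';
		}
	}
}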
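if (!empty($_POST['delbank'])) {
	// Deletes a bank record and its logo file. `id` is compared unquoted, so
	// it is cast to an integer.
	$bank_id = isset($_POST['id']) ? (int) $_POST['id'] : 0;
	$q = mysql_query('SELECT logo FROM '.TB_BANKS.' WHERE id ='.$bank_id);
	// A failed query or unknown id answers status 0 instead of die(mysql_error()),
	// which echoed the database error text to the client.
	$rs = $q ? mysql_fetch_assoc($q) : false;
	if (!$rs) {
		echo '{"status":0}';
	} else {
		// basename() keeps the unlink inside the bank_images directory even if
		// the stored logo name ever contains a path separator.
		$logo_path = '../styles/images/bank_images/'.basename($rs['logo']);
		// As before, the row is only deleted once the file is gone.
		if (unlink($logo_path) && mysql_query('DELETE FROM '.TB_BANKS.' WHERE id='.$bank_id)) {
			echo '{"status":1}';
		} else {
			echo '{"status":0}';
		}
	}
}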

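if (!empty($_POST['adyim'])) {
	// Stores a pasted ad snippet into the adyim slot whose size token appears in
	// it (uppercase "X", as this network writes it). First match wins, in the
	// order listed; the size written to SQL is always one of these fixed values.
	$code = isset($_POST['code']) ? $_POST['code'] : '';
	$slot_for_token = array(
		'728X90'  => '728x90',
		'160X600' => '160x600',
		'300X250' => '300x250',
		'125X125' => '125x125',
	);
	$size = null;
	foreach ($slot_for_token as $token => $slot) {
		// !== false rather than > 0: a token at offset 0 is still a match.
		if (strpos($code, $token) !== false) {
			$size = $slot;
			break;
		}
	}

	if ($size === null) {
		// No recognised size. The original ran an UPDATE with an empty size
		// (and an undefined $code) and reported success; report failure instead.
		echo '{"status":0}';
	} else {
		// The snippet is untrusted and lands in a quoted literal, so escape it.
		$sql = "UPDATE adyim SET adyim_code = '".mysql_real_escape_string($code)."' WHERE adyim_size = '".$size."'";
		echo mysql_query($sql) ? '{"status":1}' : '{"status":0}';
	}
}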

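if (!empty($_POST['adsense'])) {
	// Stores a pasted ad snippet into the adsense slot whose size token appears
	// in it (lowercase "x"). First match wins, in the order listed; the size
	// written to SQL is always one of these fixed values.
	$code = isset($_POST['code']) ? $_POST['code'] : '';
	$slot_for_token = array(
		'728x90'  => '728x90',
		'160x600' => '160x600',
		'300x250' => '300x250',
	);
	$size = null;
	foreach ($slot_for_token as $token => $slot) {
		// !== false rather than > 0: a token at offset 0 is still a match.
		if (strpos($code, $token) !== false) {
			$size = $slot;
			break;
		}
	}

	if ($size === null) {
		// No recognised size. The original ran an UPDATE with an empty size
		// (and an undefined $code) and reported success; report failure instead.
		echo '{"status":0}';
	} else {
		// The snippet is untrusted and lands in a quoted literal, so escape it.
		$sql = "UPDATE adsense SET ads_code = '".mysql_real_escape_string($code)."' WHERE ads_size = '".$size."'";
		echo mysql_query($sql) ? '{"status":1}' : '{"status":0}';
	}
}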

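if (!empty($_POST['bumq'])) {
	// Stores a pasted ad snippet into the bumq slot whose size token appears in
	// it (lowercase "x"). First match wins, in the order listed; the size
	// written to SQL is always one of these fixed values.
	$code = isset($_POST['code']) ? $_POST['code'] : '';
	$slot_for_token = array(
		'728x90'  => '728x90',
		'160x600' => '160x600',
		'300x250' => '300x250',
		'125x125' => '125x125',
	);
	$size = null;
	foreach ($slot_for_token as $token => $slot) {
		// !== false rather than > 0: a token at offset 0 is still a match.
		if (strpos($code, $token) !== false) {
			$size = $slot;
			break;
		}
	}

	if ($size === null) {
		// No recognised size. The original ran an UPDATE with an empty size
		// (and an undefined $code) and reported success; report failure instead.
		echo '{"status":0}';
	} else {
		// The snippet is untrusted and lands in a quoted literal, so escape it.
		$sql = "UPDATE bumq SET bumq_code = '".mysql_real_escape_string($code)."' WHERE bumq_size = '".$size."'";
		echo mysql_query($sql) ? '{"status":1}' : '{"status":0}';
	}
}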

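if (!empty($_POST['member_update'])) {
	// Updates a member's contact/profile columns. Column names are fixed in
	// this map (never taken from input); every value lands in a quoted literal
	// and is escaped. A missing field becomes "" as the original did.
	$column_for_field = array(
		'poster_name'  => 'poster',
		'company_name' => 'store',
		'address'      => 'address',
		'tumbon'       => 'tumbon',
		'amphur'       => 'amphur',
		'province'     => 'province',
		'postcode'     => 'postcode',
		'mobile_no'    => 'mobile',
		'phone'        => 'phone',
		'fax'          => 'fax',
	);
	$assignments = array();
	foreach ($column_for_field as $column => $field) {
		$raw = isset($_POST[$field]) ? $_POST[$field] : '';
		$assignments[] = $column.' = "'.mysql_real_escape_string($raw).'"';
	}
	$username = mysql_real_escape_string(isset($_POST['member']) ? $_POST['member'] : '');

	$sql = 'UPDATE '.TB_MEMBERS.' SET '.implode(', ', $assignments).' WHERE username = "'.$username.'"';
	echo mysql_query($sql) ? '{"status":1}' : '{"status":0}';
}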

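if (!empty($_POST['delete_img'])) {
	// Deletes an uploaded image and its "thumb-" prefixed thumbnail from
	// IMG_PATH, then drops the entry from $_SESSION['CURRENT_IMG'].
	$index = isset($_POST['index']) ? $_POST['index'] : null;
	// The thumb name is client-supplied: basename() pins both paths to IMG_PATH
	// so a name containing "../" cannot reach files outside the image directory.
	$thumb = basename(isset($_POST['name']) ? $_POST['name'] : '');
	$originImg = str_replace('thumb-', '', $thumb);

	$img_delete = false;
	foreach (array($originImg, $thumb) as $file) {
		// Skip the empty name: IMG_PATH itself "exists" but unlink() on a
		// directory only raises a warning.
		if ($file !== '' && file_exists(IMG_PATH.$file) && unlink(IMG_PATH.$file)) {
			$img_delete = true;
		}
	}
	if ($img_delete && $index !== null) {
		unset($_SESSION['CURRENT_IMG'][$index]);
	}
	// Cast the flag: echoing a bare false printed "" and produced the invalid
	// JSON {"status":} on failure.
	echo '{"status":'.(int) $img_delete.'}';
}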
?>